DirectAccess + OTP + Run As

  • Question

  • Hello everyone,

    after using DA with OTP for a while, today I ran into a problem. I don't call it a bug, but more something which works as it is designed... but could use an improvement.

    I can work with DA fine while I'm logged in with my personalized User and entered my OTP. The problem starts when I use the Run As command and start a process with another User Account. DA then normally will establish another User Tunnel for this particular User. But since we have OTP enabled, the tunnel cannot be established (I can see this via get-daconnectionstatus). Since there seems to be no way to enter an OTP again for this particular User, I'm stuck.

    The only workaround I can use currently is adding this second User to the DA OTP exemption group (which I don't really want to use at all in a production environment).

    It would be great to have a prompt in the Network settings or somewhere else as soon as you start a process with another User and another DA User Tunnel needs to be established and authenticated.

    Kind regards,

    René Büdinger

    Friday, July 3, 2015 2:51 PM

Answers

  • Hi,

    Not sure this particular scenario was considered when DirectAccess was designed by Microsoft guys. Exception group seems to be your only solution. If this account is dedicated to administrative tasks, a remote desktop session would be a better solution.

    Best regards.


    BenoitS - Simple by Design http://danstoncloud.com/blogs/simplebydesign/default.aspx

    • Proposed as answer by BenoitSMVP Tuesday, July 7, 2015 9:57 AM
    • Marked as answer by René Büdinger Wednesday, January 11, 2017 8:35 AM
    Tuesday, July 7, 2015 9:57 AM